classless in-addr.arpa delegation

Simon Waters Simon at wretched.demon.co.uk
Sat Nov 30 22:04:22 UTC 2002


Mike Wilcox wrote:
> 
> Do I need to delegate 21.10.in-addr.arpa. to them and have a forward zone?
> or is there another way to do this?

You can delegate 21.10.in-addr.arpa to them. 

No need to have a "forward" zone, as you will give the name
servers in the delegation, assuming the routing/firewalling
is all set up to allow your recursive servers to query their
name servers (the opposite appears to work as they can query
your servers, so routing is probably okay, but firewalling may
still need changing).

Forwarding might be used if the security restrictions were
tighter, say only allowing a couple of your name servers to query
their DNS servers, but in such cases you could just repeat the
delegations in your own copy of zone 121.21.10.in-addr.arpa
(which may or may not use the same zone file as the 1-27 zone
depending on how you did the delegation), thus keeping your view of
the DNS entirely local and controlled by you.

Do you trust them, or do you restrict access using access
control lists or some such? One to think about.
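
The two approaches discussed in the reply above, sketched as BIND configuration. This is an added example, not part of the original post; the host names, server addresses and ACL name are constructed placeholders, and 10.21.0.0/16 is assumed to be the other site's address range because it is the range 21.10.in-addr.arpa covers.

```bind
// named.conf on your own name server (constructed example).

// Access control: the other site may query the zones you serve,
// but only your own clients get recursion. Address match lists are
// evaluated first-match-wins, so the negated entry must come first.
acl "own-clients" { !10.21.0.0/16; 10.0.0.0/8; localhost; };

options {
    allow-query     { 10.0.0.0/8; localhost; };
    allow-recursion { "own-clients"; };
};

// Option 1: plain delegation, no forward zone.
// The NS records go in the zone file for 10.in-addr.arpa and are all
// your recursive servers need in order to find their servers:
//
//   $ORIGIN 10.in-addr.arpa.
//   21   IN NS  ns1.othersite.example.   ; placeholder name
//   21   IN NS  ns2.othersite.example.   ; placeholder name
//
// Your recursive servers must be allowed through any firewall to
// port 53 (UDP and TCP) on those name servers.

// Option 2: forward zone, for the tighter case where only a couple of
// your name servers are allowed to query their DNS servers. Configure
// this only on the servers that are allowed through.
zone "21.10.in-addr.arpa" {
    type forward;
    forward only;                            // do not fall back to iterating
    forwarders { 10.21.0.53; 10.21.0.54; };  // constructed addresses
};
```

Running named-checkconf against the file catches syntax errors in the named.conf part before a reload.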

